20-year-old Brazilian student writes Trojans to steal financial information from banks
A 20-year-old Brazilian college student believed responsible for designing and distributing more than 100 banking Trojans, sold for US$300 each, has been identified by the security firm Trend Micro.
Researchers said that the computer science student began his career by posting in forums, asking for programming assistance with a Trojan he was designing. He is also known by online names such as ‘Hacker’s Son’, ‘Lordfenix’, and ‘Filho de Hacker’.
Lordfenix has since “grown quite confident in his skills” and has been designing and distributing malware built to steal financial information since at least 2013. He has developed more than 100 Trojans.
“Based on our research, Lordfenix has created more than 100 different banking Trojans, not including his other malicious tools, since April 2013,” Trend Micro says. “With each Trojan costing around R$1,000 (roughly $320), this young cybercriminal channeled his talent in programming into a lucrative, illegal venture.”
Trend Micro has also provided an image of a Facebook wall post in which the hacker displays a large amount of local currency.
Lordfenix has now begun offering free versions of fully functional banking Trojan source code to other would-be cybercriminals on an underground forum in order to expand his operation.
The free version steals login details of customers of four different Brazilian banking websites, including HSBC Brazil, Bank of Brazil, and Caixa. ‘Clients’ have to pay for a more powerful tool, TSPY_BANKER.NJH, for access to other financial information.
TSPY_BANKER.NJH is a Trojan that can detect when a user enters any of a targeted bank’s URLs into their browser. The malware then closes the browser window (if it is running in Google Chrome), shows an error message, and opens a bogus Chrome window.
The moment the victim enters their login details into the bogus window, the details are sent to the attacker’s address via email.
As a precaution, Lordfenix’s malware also includes a routine that terminates a security process called GbpSV.exe, which many banks in Brazil use to help keep their customers’ online data safe.
The malware threat to online banking is growing quickly, and it is a boon for hackers, as countries like Brazil have half of their financial transactions performed online.
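The behaviour chain described above (GbpSV.exe terminated, Chrome closed, credentials mailed out) can be turned into an endpoint correlation rule. The following Python is an added example, not code from Trend Micro or from the original article; the event schema, process names, addresses, SMTP ports and time window are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry (hypothetical schema): one dict per endpoint event.
EVENTS = [
    {"ts": 100, "host": "pc-01", "actor": "invoice.exe", "action": "terminate", "target": "GbpSV.exe"},
    {"ts": 104, "host": "pc-01", "actor": "invoice.exe", "action": "terminate", "target": "chrome.exe"},
    {"ts": 130, "host": "pc-01", "actor": "invoice.exe", "action": "connect", "target": "203.0.113.25:587"},
    {"ts": 200, "host": "pc-02", "actor": "taskmgr.exe", "action": "terminate", "target": "chrome.exe"},
    {"ts": 300, "host": "pc-03", "actor": "updater.exe", "action": "terminate", "target": "gbpsv.exe"},
    {"ts": 9000, "host": "pc-03", "actor": "updater.exe", "action": "connect", "target": "198.51.100.7:25"},
]
MAIL_PORTS = {25, 465, 587}  # assumption: the "email" exfiltration uses SMTP ports
WINDOW = 600                 # assumption: seconds allowed around the GbpSV.exe kill


def stage(event):
    """Map one event to a stage of the reported chain, or None if irrelevant."""
    target = event["target"].lower()
    if event["action"] == "terminate" and target == "gbpsv.exe":
        return "kill_security"
    if event["action"] == "terminate" and target == "chrome.exe":
        return "kill_browser"
    if event["action"] == "connect":
        port = target.rsplit(":", 1)[-1]
        if port.isdigit() and int(port) in MAIL_PORTS:
            return "mail_out"
    return None


def detect(events, window=WINDOW):
    """Alert on every (host, process) that terminates GbpSV.exe; severity rises
    with each further stage seen from the same process inside the window."""
    seen = defaultdict(dict)  # (host, actor) -> {stage: first timestamp}
    for ev in sorted(events, key=lambda e: e["ts"]):
        name = stage(ev)
        if name:
            seen[(ev["host"], ev["actor"])].setdefault(name, ev["ts"])
    alerts = []
    for (host, actor), stages in seen.items():
        if "kill_security" not in stages:
            continue  # closing Chrome or sending mail alone is ordinary activity
        start = stages["kill_security"]
        hits = sorted(s for s, t in stages.items() if abs(t - start) <= window)
        alerts.append({"host": host, "actor": actor, "stages": hits,
                       "severity": {1: "low", 2: "medium", 3: "high"}[len(hits)]})
    return alerts
```

Keying the rule on the GbpSV.exe termination keeps ordinary browser closes and mail traffic from alerting on their own, while a process that does all three in quick succession is rated high.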